Category Archives: Russia

Iran Using Same ‘Active Measure’ Tactics Against the U.S.

Posted on by

When traveling internet sites, social media accounts and various news aggregator services, one needs to be even more suspect of what information is out there. Russia has been applying propaganda ‘active measure’ tactics for decades and due to the global internet system, the volume has gone beyond measure.

With all things Russia going on in Washington DC and in media, the success of active measures has been noticed by both China and Iran. Both have launched robust propaganda operations forcing the West and citizens to question authenticity of sites, articles and posts of all forms.

Watch out for those hashtags….influencing voters and fake/false news goes back to at least 2016. The operations are so effective that even big media has been duped and corrections are printed or made often when recognized. Some items are never corrected.

Iran’s Anti-US Propaganda Reflects regime’s instability photo

(Reuters) – Alphabet Inc’s (GOOGL.O) Google said on Thursday it had identified and terminated 39 YouTube channels linked to state-run Islamic Republic of Iran Broadcasting.

Google has also removed 39 YouTube channels and six blogs on Blogger and 13 Google+ accounts.

“Our investigations on these topics are ongoing and we will continue to share our findings with law enforcement and other relevant government entities in the U.S. and elsewhere,” Google said in a blog post here 

On Tuesday, Facebook Inc (FB.O), Twitter Inc (TWTR.N) and Alphabet Inc (GOOGL.O) collectively removed hundreds of accounts tied to an alleged Iranian propaganda operation.

Google, which had engaged cyber-security firm FireEye Inc (FEYE.O) to provide the company with intelligence, said it has detected and blocked attempts by “state-sponsored actors” in recent months.

FireEye said here it has suspected “influence operation” that appears to originate from Iran, aimed at audiences in the United States, the U.K., Latin America, and the Middle East.

Shares of FireEye rose as much as 10 percent to $16.38 after Google identified the company as a consultant.

***

The Daily Beast went for a deeper dive on the tactics by Iran and explained a few cases.

An Iranian propaganda campaign created fake Bernie Sanders supporters online, Facebook disclosed Tuesday.

In a press release, the social-media giant said it had removed 652 pages associated with political-influence campaigns traced to Iran, including coordinated inauthentic behavior that originated in Iran and targeted people across multiple internet services in the Middle East, Latin America, U.K., and U.S.”

The cybersecurity company FireEye, which first alerted Facebook to the influence campaign months ago, wrote in a separate posting on its site that it had traced the campaign—including posts from supposed “American liberals supportive of U.S. Senator Bernie Sanders”—to Iran through email addresses and phone numbers associated with the “inauthentic” accounts.

The investigation began with FireEye’s discovery of a fake U.S. news outlet called Liberty Front Press, which Facebook says was created in 2013. The actors behind that site over time branched out into different personas intended to appeal to different audiences including “anti-Saudi, anti-Israeli, and pro-Palestinian themes.” Examples included accounts like The British Left, which published content in support of U.K. Labour party leader Jeremy Corbyn, and the pro-Palestinian Patriotic Palestinian Front. FireEye also says it “identified multiple Arabic-language, Middle East-focused sites” as part of the effort.

Unlike the Russian cyberinfluence campaign in 2016, FireEye didn’t find a complementary hacking campaign attached to the propaganda activity. Iran has spent big on developing its offensive online capabilities, but FireEye said it found no links to APT35—a hacking group that has targeted U.S. defense companies and Saudi energy firms. Instead, the security firm found links between the campaign and Iran’s state-run TV propaganda channel, PressTV.

The Iranian actors behind the campaign expanded beyond Facebook and Instagram and onto Twitter, according to FireEye. In a separate statement late Tuesday, Twitter announced it had suspended 284 accounts for what it said was “coordinated manipulation” and that “it appears many of these accounts originated from Iran.”

The Daily Beast recovered tweets from what appears to be an account associated with the campaign. @libertyfrontpr has since been deleted, but Google cache results show it linked back to the LibertyFrontPress.com website FireEye attributed to be part of the propaganda effort. The account was active as of at least Tuesday and is not listed as suspended on the platform.

The account used hashtags like “#Resist” and #NotMyPresident when tweeting out anti-Trump sentiments. It also weighed in against the Supreme Court nomination of Judge Brett Kavanaugh. “The #Senate has a responsibility to reject any nominee who would fail to be a fair-minded constitutionalist. That is #BrettKavanaugh. We must #StopKavanaugh.”

In a rare move for Holocaust-denying Iranian propaganda, @libertypr slammed the Republican Party for allowing anti-Semite and Holocaust denier John Fitzgerald to run for a seat in the California legislature.

In addition to the U.S. themes, Liberty’s Twitter account also targeted opponents of the Iranian government, including the Mujahedeen Khalq exile group, or MEK, which advocates the overthrow of Iran’s clerical government, with hashtags like “#BanTerrorOrg.”

The takedown marks the second time since the 2016 election that Facebook has appeared to act without U.S. government pressure to stop an alleged political-influence campaign. In late July, Facebook took down a handful of sock-puppet accounts purporting to be black, Hispanic, and #Resistance activists. Facebook didn’t attribute that campaign to a specific country or group, but it did note that some of the accounts had links to the infamous Russian Internet Research Agency troll farm.

Facebook said Tuesday that it had taken down the new batch of pages only after waiting “many months” after being alerted to the campaign by FireEye. The delay allowed the company to further investigate the campaign and improve its defenses against future efforts.

Securing the Elections, FBI Investigating Hacks

Posted on by

Securing the vote.

The states, which under the US system are responsible for conducting elections, remain concerned about the integrity of the ballot. Thirty-six  states have now deployed Albert sensors on their voting infrastructure to allow the Department of Homeland Security to observe state systems that manage either voter information or voting devices (Reuters).

The states also want the Feds to share more threat intelligence. Forty-four states and the District of Columbia took part in a Department of Homeland Security exercise this week  (US Department of Homeland Security). The states appear to have gained enough insight into the value of threat intelligence to decide that they want more of it (Reuters). Some advocate Federal standards for the conduct of elections, perhaps even mandatory standards (Atlantic Council). More here.

Meanwhile:

Then there is the matter the FBI is investigating in California.

The FBI launched investigations after two Southern California Democratic U.S. House candidates were targeted by computer hackers, though it’s unclear whether politics had anything to do with the attacks.

A law enforcement official told The Associated Press the FBI looked into hacks involving David Min in the 45th Congressional District and Hans Keirstead in the adjacent 48th District. Both districts are in Orange County and are seen as potential pickups as the Democratic Party seeks to win control of the Congress in November.

A person with knowledge of the Min investigation told the AP on Monday that two laptops used by senior staffers for the candidate were found infected with malware in March. It’s not clear what, if any, data was stolen, and there is no evidence the breach influenced the contest.

The CEO of a biomedical research company, Keirstead last summer was the victim of a broad “spear-phishing” attack, in which emails that appear to come from a friend or familiar source are designed to help hackers snatch sensitive or confidential information, the law enforcement official said. There is no evidence Keirstead lost valuable information.

The investigations so far have not turned up evidence the two candidates in Orange County were political targets.

The official and the knowledgeable person were not authorized to discuss the cases publicly and spoke only on condition of anonymity.

Keirstead was narrowly defeated in the June primary for the seat held by Republican Rep. Dana Rohrabacher. Min came in third in the contest to unseat Republican Rep. Mimi Walters.

Min’s staff was alerted to a potential cyberattack by a facility manager in the software incubator where his campaign rented space. It was later found the computers were infected with software that records and sends keystrokes, with additional software that concealed it from conventional anti-virus tools used by the campaign.

Hackers also used a broad spear-phishing attack in an attempt to gain access, and FBI investigators are still piecing together additional details, the official said.

The two laptops were replaced, and Min’s computer was not infected. The attack on the computers was first reported by Reuters.

Keirstead campaign officials detected repeated attempts to access the campaign’s website.

Rolling Stone magazine, which first reported that cyberattack, said hackers or bots tried different username-password combinations in a rapid-fire sequence over a two-and-a-half-month period to get inside the campaign’s WordPress-hosted website.

According to the campaign, there were also more than 130,000 so-called brute force attempts over a monthlong period to gain access to the campaign’s server through the cloud-server company that hosted the Keirstead campaign’s website, Rolling Stone said.

Computer security experts say that many attempts to gain access to a site hosted with the popular and free WordPress software is not unusual.

“Every WordPress hosted website sees 130,000 brute force attempts over a monthlong period, regardless whether it’s Bohemian basket weaving, a blog about furry costume construction, or a politician website,” said Robert Graham, a cybersecurity expert who created the BlackICE personal firewall.

“Hackers don’t know or care who you are: they only care that you use WordPress,” Graham said in a text message.

Min finished third behind fellow Democrat Katie Porter, who faces Walters in November. In the 48th District, Rohrabacher will face Democrat Harley Rouda, who snagged the second runoff spot by defeating Keirstead by 125 votes.

Is that Russian Submarine Threat Still out There?

Posted on by

It is not just the U.S. Navy that is on alert. Europe’s top Navy Commander:

NAPLES, Italy — Russia is deploying more submarines to the Mediterranean, the Black Sea and North Atlantic than at any time since the Cold War as part of a growing power game driving the U.S. to revive a decommissioned fleet and NATO to strengthen its naval defenses, the Navy’s top commander in the theater said.

Russia is upgrading its submarine forces and improving their missile capabilities, all while relations between Moscow and NATO remain tense over Russia’s annexation of Ukraine’s Crimean Peninsula in 2014, Adm. James Foggo, commander of U.S. Naval Forces Europe and Africa, said in an interview earlier this month.

“The illegal annexation of Crimea … that certainly has put a strain on our relationship,” Foggo told Stars and Stripes. “It’s their bad behavior, not ours. It’s the things they are doing.”

The Navy is reviving 2nd Fleet, though on a smaller scale than the one deactivated in 2011, to supply more ships in what Foggo described as growing competition between Russia and NATO in the Atlantic Ocean.

The renewed 2nd Fleet will be a Norfolk, Va.-based joint forces command, with many details yet to be worked out, Foggo said, adding that Navy leaders will know more after NATO’s July summit in Brussels. More here.

***

This is not really a new condition, it has been going on for a few years without any real U.S. response that is until the Omnibus was passed where monies were allocated for air-dropped sonobuoys that can detect submarines and transmit data back to motherships. The warnings began with Russia, operating in the Mediterranean where missiles were fired into Syria on several occasions.

The United States and Britain have been playing cat and mouse with Russia in several locations. Under Exercise Dynamic Mongoose, 10 NATO countries have been practicing hunting tactics of stealth submarines off Norway’s coast.

This past April, Lockheed Martin was awarded a $1 billion contract for a hypersonic cruise missile.

The Hypersonic Conventional Strike Weapon program is one of two hypersonic weapon prototyping efforts being pursued by the Air Force, and comes in addition to the Tactical Boost Glide program, which the Air Force is working on with DARPA and Raytheon. The service plans to have a prototype ready by 2023.

The Tactical Boost Glide is designed to operate at 5 times the speed of sound to enhance current military systems.

The United States has 70 nuclear powered submarines and 52 attack submarines along with 4 cruise missile armed submarines and 14 ballistic missile submarines. They all patrol bodies of water across the globe.

Russian Subs Are Reheating a Cold War Chokepoint - Defense One  photo

Adm. John Richardson, Chief of Naval Operations has confirmed increased foreign submarine operations.

According to GlobalFirePower.com, North Korea has the world’s largest submarine fleet by raw numbers with 76, though most of Pyongyang’s fleet consists of shorter-range, electric-diesel coastal patrol craft. China and Russia, both with modern nuclear-powered fleets that rival the U.S. fleet, have 68 subs and 63 subs, respectively.

NATO Secretary-General Jens Stoltenberg, in an interview with the Frankfurt Allgemeine and other news outlets in December, said the Kremlin is investing heavily in its submarine fleet, with 13 delivered since 2013. NATO countries, he said, have let their underwater firepower lag. “We have practiced less and lost skills,” the NATO chief said.

A particular point of concern, said one former high-level U.S. Navy official, is that Moscow may be attempting to tap into or sever some of the 550,000 miles of underwater fiber-optic cables that span the Atlantic and Arctic sea lanes.

“Russians have had a capability … to do things with these cables for the last 20 to 30 years,” said Tom Callender, who once served as head of capabilities for the Navy’s deputy undersecretary office and is now a senior defense fellow at The Heritage Foundation.

“Russians have had a capability … to do things with these cables for the last 20 to 30 years,” said Tom Callender, who once served as head of capabilities for the Navy’s deputy undersecretary office and is now a senior defense fellow at The Heritage Foundation.More than 95 percent of the global internet traffic — military and civilian, classified and unclassified — is transmitted across the network of submerged cables along the ocean floor, according to Washington-based tech firm TeleGeography. The quantity is massive compared with just a decade ago, when just 1 percent of all online traffic went through the cables.

Seabed vulnerability

The majority of the 285 underwater cables in place crisscross beneath heavily trafficked sea lanes of the Atlantic and Arctic regions. According to TeleGeography, the longest single cable stretches 24,000 miles and relays internet traffic and other electronic communications from Europe, Asia and Africa.

The scale and scope of global communications moving through the network of cables — some of which are only 2 inches thick — present a lucrative target that is vulnerable to attack by U.S. adversaries. It also poses a significant challenge to U.S. forces defending the lines. Read more detail here.

 

So, What Really Goes in Space to Have a Space Force?

Posted on by

Primer: Did you know there is something called the OuterSpace Treaty? Yup, it covers arms control, verification and compliance. Sounds great right? Problem is it is dated 2002.

Then there is the NASA summary of the 1967 Space Treaty.

GPS is operated and maintained by the U.S. Air Force. GPS.gov is maintained by the National Coordination Office for Space-Based Positioning, Navigation, and Timing.

Like the Internet, GPS is an essential element of the global information infrastructure. The free, open, and dependable nature of GPS has led to the development of hundreds of applications affecting every aspect of modern life. GPS technology is now in everything from cell phones and wristwatches to bulldozers, shipping containers, and ATM’s.

GPS boosts productivity across a wide swath of the economy, to include farming, construction, mining, surveying, package delivery, and logistical supply chain management. Major communications networks, banking systems, financial markets, and power grids depend heavily on GPS for precise time synchronization. Some wireless services cannot operate without it.

GPS saves lives by preventing transportation accidents, aiding search and rescue efforts, and speeding the delivery of emergency services and disaster relief. GPS is vital to the Next Generation Air Transportation System (NextGen) that will enhance flight safety while increasing airspace capacity. GPS also advances scientific aims such as weather forecasting, earthquake monitoring, and environmental protection.

Finally, GPS remains critical to U.S. national security, and its applications are integrated into virtually every facet of U.S. military operations. Nearly all new military assets — from vehicles to munitions — come equipped with GPS.

***

There is a robust debate within Washington and the Pentagon if whether or not a new branch of Armed Services is really needed. Presently, the Air Force has most exclusive authority of all things space except for research and exploration which is performed by NASA.

There is even a debate within the Air Force which was raised last February.

US Air Force Chief of Staff General David L. Goldfein predicted it’ll only be a “matter of years” before American forces find themselves “fighting from space.” To prepare for this grim possibility, he said the Air Force needs new tools and a new approach to training leaders. Oh, and lots of money.

“[It’s] time for us as a service, regardless of specialty badge, to embrace space superiority with the same passion and sense of ownership as we apply to air superiority today,” he said.

These are some of the strongest words yet from the Air Force chief of staff to get the Pentagon thinking about space—and to recognize the U.S. Air Force as the service branch best suited for the job. “I believe we’re going to be fighting from space in a matter of years,” he said. “And we are the service that must lead joint war fighting in this new contested domain. This is what the nation demands.”

The USAF and other military officials have been saying this for years, but Goldfein’s comments had an added sense of urgency this time around. Rep. Mike Rogers, the Strategic Forces Subcommittee chairman, recently proposed the creation of a new “Space Corps,” one that would be modeled after the Marines. The proposed service branch, it was argued, would keep the United States ahead of rival nations like Russia and China. The idea was scrapped this past December—at least for now. Needless to say, Rogers’ proposal did not go over well with the USAF; the creation of the first new uniformed service branch in 70 years would see Pentagon funds siphoned away from the Air Force. Hence Goldfein’s speech on Friday, in which he argued that the USAF is the service branch best positioned to protect American interests in space.

But in order to protect “contested environments,” the US Air Force will need to exercise competency in “multi-domain operations,” he said. This means the ability to collect battlefield intelligence from “all domains,” including air, ground, sea, cyber, and space. “I look forward to discussing how we can leverage new technology and new ways of networking multi-domain sensors and resilient communications to bring more lethality to the fight,” said Goldfein.

Indeed, the USAF has plenty of work to do make this happen, and to keep up with its rivals. China, for example, recently proposed far-fetched laser-armed satellite to remove space junk, while also demonstrating its ability to shoot down missiles in space. Should a major conflict break out in the near future, space will most certainly represent the first battlefield.

“When you think of how dependent the US military is on satellites for everything from its communication and navigation to command and surveillance, we are already fighting in space, even if it’s not like the movies depicted,” Peter W. Singer, fellow at New America and author of Ghost Fleet: A Novel of the Next World War, told Gizmodo. “If we were ever to fight another great power, like a China or Russia, it is likely the opening round of battle would be completely silent, as in space no one would hear the other side jamming or even destroying each other’s satellites.”

To prepare the United States for this possibility, Goldfein said the Air Force needs to invest in new technologies and train a new generation of leaders. On that last point, the CSAF ordered Lt. Gen. Steven Kwast, the commander of Air Education and Training Command, to develop a program to train officers and non-commissioned officers for space ops. “We need to build a joint, smart space force and a space-smart joint force,” Goldfein said.

As reported in SpaceNews, the USAF is asking for $8.5 billion for space programs in the 2019 budget, of which $5.9 billion would go to research and development, and the remaining for procurement of new satellite and launch services. Over next five years it hopes to spend $44.3 billion on development of new space systems, which is 18 percent more than it said it would need last year to cover the same period.

 

Trouble Ahead After DPRK’s FM Visit to Tehran

Posted on by

So, it appears there is more to the teaming up between Tehran and Pyongyang.

The Iranian President Rouhani told the North Korean Foreign Minister in a recent confab to NOT trust the United States.

Meanwhile, SecState, Mike Pompeo issued a proposal to North Korea calling for a timeline Pompeo that would mandate North Korea hand over 60 to 70 percent of its nuclear warheads to a third party within six to eight months, according to the report.

North Korea has reportedly rejected a formal timeline for its denuclearization proposed by Secretary of State Mike Pompeo.

Vox reported Wednesday that Pyongyang has rejected the timeline several times over the past two months amid continued negotiations over North Korea’s nuclear program.

The timeline Pompeo proposed would mandate North Korea hand over 60 to 70 percent of its nuclear warheads to a third party within six to eight months, according to the report.

However, it is unclear how many warheads North Korean leader Kim Jong Un has, making it difficult to verify that Pyongyang has actually turned over an agreed-upon percentage.

Trump administration officials in recent weeks have expressed frustration with North Korea’s efforts to denuclearize despite President Trump hailing his June summit with Kim in Singapore as a success.

“The ultimate timeline for denuclearization will be set by Chairman Kim, at least in part,” Pompeo told Channel NewsAsia in an interview last week.

“The decision is his. He made a commitment, and we’re very hopeful that over the coming weeks and months we can make substantial progress towards that and put the North Korean people on a trajectory towards a brighter future very quickly.”

White House national security adviser John Bolton told Fox News on Tuesday that “North Korea that has not taken the steps we feel are necessary to denuclearize.”

Iran fires attack on Trump as it tells North Korea: ‘US ... photo

Then we have yet another emerging hacking warning from CERT.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-17 and the US-CERT page on HIDDEN COBRA – North Korean Malicious Cyber Activity for more information.

Not to leave out Iran’s cyber attack warnings.

Iranian hackers have laid the groundwork to carry out extensive cyber attacks against private U.S. and European companies, U.S. officials warn, according to NBC News. Although experts don’t believe any such attack is imminent, the preparations could enable denial-of-service attacks on infrastructure including electric grids and water plants, plus health care and technology companies across the U.S., Europe, and Middle East, say U.S. officials at the 2018 Aspen Security Forum.

A spokesperson for the Iranian mission to the United Nations, Alireza Miryousefi, told NBC News that the U.S. is more aggressive in terms of cyber attacks, and Iran’s moves are merely defensive.

***

As sanctions reimposed in response to its nuclear program begin to bite, Iran seems poised to follow the trail North Korea blazed in cyberspace: state-directed hacking that aims at direct theft to redress economic pain. Accenture researchers have been tracking ransomware strains, many of them requiring payment in Bitcoin or other cryptocurrencies, and they’ve concluded that they represent an incipient Iranian campaign against targets of opportunity that offer the prospect of quick financial gain. Tehran’s state-directed hackers have a reputation as being relatively less sophisticated than those run by Russia and China (and indeed those run by major Western powers, the Five Eyes and their closest friends) but they also have a reputation as determined fast-learners.

CCN: As the US gets ready to impose sanctions on Iran, hackers in that country are working on ransomware to secure bitcoin, according to cybersecurity experts interviewed by The Wall Street Journal.

Accenture PLC’s cybersecurity intelligence group has followed five Iranian built ransomware variations in the last two years. The hackers are hoping to secure payments in cryptocurrencies, according to Jim Guinn, who oversees the industrial cybersecurity business at Accenture.

Several clues link the ransomware to Iran. Samples include messages in Farsi that are connected to Iran based computers.

A recent Accenture report noted the ransomware could be driven by Iranian government supported parties, criminals, or both.

Scourge Continues

Ransomware has plagued both businesses and governments for years, having disabled payment systems at the San Francisco Municipal Transportation Agency, U.K hospitals and cargo shipments. Government supported hackers in some instances have obtained cryptocurrency payments from victims.

One variant of ransomware that iDefense discovered has been linked to Iran’s government, according to CrowdStrike Inc., another cybersecurity firm. The software, called Tyrant, was developed to discourage Iranian citizens from downloading software designed to discourage government snooping, CrowdStrike noted.

Palo Alto Networks Inc. and Symantec Corp. issued reports last month that described a pair of data stealing operations connected to Iran.

Crypto Mining Linked To Iran

Crypto mining software, which robs computers of their processing power to mine cryptocurrencies, has also been linked to Iran.

Accenture cited crypto mining software installed on Middle Eastern customer networks equipped with digital clues to Iran.

Crypto mining software has created problems in gas and oil facilities in the Middle East, Guinn said. He estimated millions of dollars of compute cycles have been stolen in the last year.

Iran Denies Culpability

Iran has claimed it has not been involved in cyber attacks, and that it has been a hacking victim.

A cyber attack called Stuxnet initiated by the U.S. and Israel about a decade ago disabled uranium-enrichment centrifuges for Iran’s nuclear program. Iran has since focused on enhancing its own cyber capabilities, according to government officials and security researchers.

Keith Alexander, chief executive of IronNet Cybersecurity Inc. and former director of the U.S. Cyber Command and the National Security Agency said crypto mining and theft is a way for cash-strapped countries to make fast profits.

Guinn said hackers have also stolen intellectual property.